Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > HOWTO-Related Questions

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 28th April 2010, 22:06
Maxum Maxum is offline
Junior Member
 
Join Date: Dec 2006
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default Clamav issue with The Perfect SpamSnake - Ubuntu Jeos 9.10

I have been following the The Perfect SpamSnake - Ubuntu Jeos 9.10 how to and have got to the point of where MailScanner and Postfix are configured and running. I get the following error every time the server handles a piece of mail:

Apr 28 12:44:24 ubuntufirewall MailScanner[2208]: Clamd::ERROR:: UNKNOWN CLAMD RETURN ./lstat() failed: Permission denied. ERROR :: /var/spool/MailScanner/incoming/2208
Apr 28 12:44:24 ubuntufirewall MailScanner[2208]: Virus Scanning: Clamd found 1 infections
Apr 28 12:44:24 ubuntufirewall MailScanner[2208]: Virus Scanning: Found 1 viruses

Here are the permissions on /var/spool/MailScanner/
root@ubuntufirewall:/var/spool/MailScanner# ll
total 12
drwxr-xr-x 9 postfix www-data 4096 2010-04-28 12:44 incoming
drwxr-xr-x 3 postfix www-data 4096 2010-04-28 12:05 quarantine
drwxr-xr-x 2 postfix www-data 4096 2010-04-28 12:05 spamassassin

Here are the permissions on /var/spool/MailScanner/incomming
root@ubuntufirewall:/var/spool/MailScanner/incoming# ll
total 44
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:43 2193
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2199
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2202
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2205
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:44 2208
drwxr-x--- 2 postfix www-data 4096 2010-04-28 12:43 Locks
-rw------- 1 postfix www-data 4096 2010-04-28 12:44 Processing.db
-rw------- 1 postfix www-data 10240 2010-04-28 12:44 SpamAssassin.cache.db
drwx------ 2 postfix www-data 4096 2010-04-28 12:44 SpamAssassin-Temp

I also get a warning message in /var/log/clamav/clamav.log
Wed Apr 28 12:44:24 2010 -> WARNING: lstat() failed on: /var/spool/MailScanner/incoming/2208

/opt/MailScanner/etc/MailScanner.conf is set as per the how to. Where
Incoming Work Group = clamav
Incoming Work Permissions = 0640

/etc/clamav/clamd.conf is configured with

User clamav
AllowSupplementaryGroups true



To try and fix the problem I have

Added clamav to the postfix group: postfix:x:115:clamav

Added the following line to /etc/apparmor.d/usr.sbin.clamd:
/var/spool/MailScanner/incomming/* rw,
Reply With Quote
Sponsored Links
  #2  
Old 29th April 2010, 04:18
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
Default

Hey,

Try the following:
usermod -a -G postfix clamav

Verify 'AllowSupplementaryGroups yes' is set in clamd.conf

Let me know if that worked and i'll update the guide.

Thanks
__________________
Home of the SpamSnake

Last edited by Rocky; 29th April 2010 at 05:04.
Reply With Quote
  #3  
Old 29th April 2010, 17:44
Maxum Maxum is offline
Junior Member
 
Join Date: Dec 2006
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I ran usermod -a -G postfix clamav and Verified 'AllowSupplementaryGroups tRue' in the clamav.conf. I still received the error.


I should have mentioned in the original post i am using Ubuntu Server 9.10 AMD64. I am not sure if that would make a difference but thought I should mention it.

Thanks
Reply With Quote
  #4  
Old 30th April 2010, 19:31
Maxum Maxum is offline
Junior Member
 
Join Date: Dec 2006
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Default

OK it looks like I have got it fixed.

First I removed Apparmor - I am sure there is a way to modify the profile to get it to go but i couldn't figure it out. I could leave apparmor installed and put the clamav profile in complain mode and it worked as well.

Second I added clamav to the www-data group. Which now that I am looking back at the permissions I posted for the /var/spool/MailScanner/incoming directory makes perfect sense.

Thanks for your help..i am off to finish the how to.
Reply With Quote
  #5  
Old 5th May 2010, 16:53
Drex56 Drex56 is offline
Junior Member
 
Join Date: May 2010
Posts: 16
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Just to Add to Maxum's post I did the following which ridded me of the dreaded Clam error:

Assumptions:

1. clamd is located in
Code:
/usr/sbin
2. AppAromor profiles are held in
Code:
/etc/apparmor.d
3. MailScanner incoming queue is
Code:
/var/spool/MailScanner/incoming
Obviously you will need to do the following to add clamd to the www-data group so that it can access the directory:

Code:
sudo usermod -a -G www-data clamav
Now edit the profile for clamd:
Code:
sudo nano /etc/apparmor.d/usr.sbin.clamd
Add the Incoming folder to the list of folders
Code:
  /var/spool/MailScanner/** rw,

  /var/spool/MailScanner/incoming/** rw,
Now to be honest, I dont really need the second line as the ** means files AND directories underneath the current directory but will leave it in there as "it's what worked for me".

After that I reload ALL the Apparmor profiles (it was easier at the time to find that than find how to reload just one).

Code:
sudo /etc/init.d/apparmor reload
After this send yourself a test mail and look at mail.log using:
Code:
tail -f /var/log/mail.log
And watch as clamd does not error.

Hope this helps.

Regards

Drex
Reply With Quote
The Following User Says Thank You to Drex56 For This Useful Post:
Rocky (9th May 2010)
  #6  
Old 9th May 2010, 16:34
Rocky Rocky is offline
Senior Member
 
Join Date: Oct 2005
Posts: 553
Thanks: 14
Thanked 49 Times in 48 Posts
Default

Good addition. I take it that you didn't remove apparmor? This is good for those who prefer to use it.

Thanks,

Rocky
__________________
Home of the SpamSnake
Reply With Quote
  #7  
Old 13th May 2010, 10:42
Drex56 Drex56 is offline
Junior Member
 
Join Date: May 2010
Posts: 16
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Hi Rocky,

No, I didn't, I didn't see any point in removing it plus it just means my system that that bit more secure! Though I could be wrong as I am no Genius when it comes to Linux.

Regards

Drex
Reply With Quote
  #8  
Old 21st March 2011, 16:21
macross macross is offline
Junior Member
 
Join Date: Dec 2010
Posts: 24
Thanks: 2
Thanked 0 Times in 0 Posts
 
Default Thank you

Thanks! That was bugging me, I chose the keep apparmor route as well.
Reply With Quote
Reply

Bookmarks

Tags
clamav, mailscanner, spamsnake, ubuntu 9.10

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Connection timed out on intermail outgoing mails gouravgarg Server Operation 6 5th March 2010 20:31
Perfect Server Ubuntu 9.10 ISPConfig2 AppArmor Issue dwtj01 HOWTO-Related Questions 9 18th November 2009 13:47
MailScanner trouble with DBD-MYSQL sergio.arnaldo Server Operation 11 26th August 2009 18:08
Unbale to login to Postfix from webmail wasimriz HOWTO-Related Questions 5 6th April 2009 13:49
SpamSnake SpamAssassin not working? getrav HOWTO-Related Questions 5 23rd June 2008 23:02


All times are GMT +2. The time now is 20:37.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.